2 matches found
BIT-DISCOURSE-2022-23548
Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch, parsing posts can be susceptible to regular expression denial of service ReDoS attacks. This issue is patched in version 2.8.14. There are no known workarounds...
CVE-2022-31100 Reachable Assertion in rulex
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...